Operational Value of Indicators of Compromise White Paper

Most organizations prioritize processing internal information over processing and acting on external Indicator of Compromise (IOC) feeds. There is significant debate in the cybersecurity community over what operational value some IOCs provide to organizations, since threat actors can and do change IOCs routinely to avoid detection. During the State, Local, Tribal, and Territorial IOC Automation Pilot, Johns Hopkins Applied Physics Laboratory discovered that the right question is not whether IOCs are operationally valuable, but when.